Safari on a Mac and Internet Explorer 8 in Windows 7 were also exploited

It's
been an action-packed couple of days of Pwn2Own hacking contests at
the CanSecWest security conference in Vancouver. Hackers eroded
Apple's image
of superior security, making quick work of both Microsoft and
Apple products alike.

The fireworks began with an iPhone
exploit coded primarily by Vincenzo Iozzo and Ralf Philipp
Weinmann. The exploit works on fully
patched iPhone 3GS (and presumably other models). It
allows a malicious user to lure a target to a website and then steal
any or all of the following -- the person's SMS text database
(including deleted messages), their contacts, pictures, and iTunes
music files.

Describes Iozzo, "Basically, every page that
the user visits on our [rigged] site will grab the SMS database and
upload it to a server we control."

Halvar Flake also
helped the pair develop the exploit. He says that the iPhone's
sandbox protections don't do enough to protect the user fully.
He states, "This exploit doesn’t get out of the iPhone
sandbox. Apple has pretty good counter-measures but they are
clearly not enough. The way they implement code-signing is too
lenient."

The
exploit currently crashes the browser, but the collaborators are
planning a version that allows the browser to keep running.
They sold the rights to the vulnerability to TippingPoint Zero Day
Initiative, which is in turn working with Apple to come up with a
patch.

Iozzo and Winmann scored the iPhone 3GS they hacked and
a $15,000 cash prize.

That wasn't the only Apple product
exploited -- as
promised, Charlie Miller successfully
hacked a Mac computer for the third year in the row.
Conference organizers navigated to a prepared webpage which
downloaded content without informing the user. That download
was used by Miller to gain root access to the machine.

Miller
is a champion of a hacking/testing technique known as fuzzing.
Fuzzers throw random inputs such as environment variables,
keyboard and mouse events, and sequences of API calls to try to get a
program to do something it doesn't usually do (like compromise its
security).

For his efforts Miller scored another MacBook Pro
(though he probably doesn't need it). He's cooperating with
Apple on a patch and won't release details of the vulnerability until
it lands.

Apple wasn't the only OS maker to have their
products hacked, though. Windows 7's much celebrated memory
protections were cracked.

Vreugdenhil is also a proponent of
fuzzing to discover exploits. He describes, "I started
with a bypass for ALSR which gave me the base address for one of the
modules loaded into IE. I used that knowledge to do the DEP bypass.
I specifically looking through my fuzzing logs for a bug like this
because I could use it to do the ASLR bypass."

IE team
members were on hand to witness the feat. They said that they
are working with conference organizers to determine the nature of the
vulnerability and make a patch to protect against it.

Comments

Threshold

Username

Password

remember me

This article is over a month old, voting and posting comments is disabled

Look, I'm not bashing Linux. I love the OSS model and think that Linux (Ubuntu is the one I use at home on my desktop) is pretty amazing. That being said, I don't see how a system like that could be "easy to use" for a non-tech user. Ubuntu has gone a long way at improving the system to make it more user friendly (one of the reasons I'm able to run it as my secondary machine now) and the new music store and ubuntu one will take it even further. But there are droves and droves of people who think that even the iPhone and all of its locked-down glory is too difficult to use.

I think people don't mind buying an entry level machine at higher price points ($600 for a mini / $900 for a mac book) if they think they will have less frustration or support costs. I'm not saying that this is actually true, I'm just saying that this is one reason why mac sales are surging. They have a store where you can talk to friendly people, they have an OS that is purpoted to be easier to use (and in some cases it is) and they have good customer service ($99 and for an ENTIRE YEAR you can come in for hour-sessions to learn about how to use your machine).

That's pretty compelling for the hockey-mom.

Linux isn't.

As for Windows . . . I think its dominance in the work place pretty much assures that it will be the majority desktop for some time to come.

I like Linux, but I wasn't advocating it as a user OS. God forbid; I get enough calls about trivial Windows issues, which are usually the result of negligence. Like not being able to find files because they were deleted. By the user...

I was pointing out the hackers' systems. Only one was a Mac, and it was likely the machine being broken into. Even Charlie, who's already won a few free Macs from this competition, likes using a non-Mac. That's saying quite a lot when free hardware is passed up in favor of other hardware.